INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-4,10.128.0.57' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.177867] ==================================================================
[   31.185269] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   31.192428] Read of size 4 at addr ffff8801cf47f960 by task syzkaller928430/2979
[   31.199936] 
[   31.201538] CPU: 1 PID: 2979 Comm: syzkaller928430 Not tainted 4.14.0-rc1+ #5
[   31.208780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.218107] Call Trace:
[   31.220670]  dump_stack+0x194/0x257
[   31.224271]  ? arch_local_irq_restore+0x53/0x53
[   31.228914]  ? show_regs_print_info+0x65/0x65
[   31.233386]  ? lock_release+0xd70/0xd70
[   31.237333]  ? xfrm_state_find+0x305b/0x3190
[   31.241713]  print_address_description+0x73/0x250
[   31.246526]  ? xfrm_state_find+0x305b/0x3190
[   31.250910]  kasan_report+0x24e/0x340
[   31.254777]  __asan_report_load4_noabort+0x14/0x20
[   31.259677]  xfrm_state_find+0x305b/0x3190
[   31.263885]  ? __save_stack_trace+0x61/0xd0
[   31.268198]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   31.273275]  ? copy_trace+0x1d0/0x1d0
[   31.277054]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.282214]  ? check_noncircular+0x20/0x20
[   31.286422]  ? lock_downgrade+0x990/0x990
[   31.290548]  ? find_held_lock+0x39/0x1d0
[   31.294588]  ? __lock_acquire+0x732/0x4620
[   31.298809]  ? find_held_lock+0x39/0x1d0
[   31.302859]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.308025]  ? depot_save_stack+0x1c2/0x490
[   31.312327]  ? do_raw_spin_trylock+0x190/0x190
[   31.316882]  ? check_noncircular+0x20/0x20
[   31.321101]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   31.325323]  ? __xfrm_decode_session+0x100/0x100
[   31.330055]  ? lock_downgrade+0x990/0x990
[   31.334173]  ? inet_sendmsg+0x11f/0x5e0
[   31.338115]  ? sock_sendmsg+0xca/0x110
[   31.341980]  ? SYSC_sendto+0x358/0x5a0
[   31.345844]  ? check_noncircular+0x20/0x20
[   31.350057]  ? rt_add_uncached_list+0xa2/0x240
[   31.354609]  ? check_noncircular+0x20/0x20
[   31.358820]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   31.364262]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   31.368644]  ? lock_downgrade+0x990/0x990
[   31.372772]  ? dst_init+0x4d9/0x6a0
[   31.376376]  ? xfrm_selector_match+0xe00/0xe00
[   31.380928]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.386092]  ? lock_release+0xd70/0xd70
[   31.390045]  ? refcount_inc_not_zero+0xfe/0x180
[   31.394692]  ? xfrm_selector_match+0x3b/0xe00
[   31.399160]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   31.403892]  ? xfrm_selector_match+0xe00/0xe00
[   31.408451]  ? check_noncircular+0x20/0x20
[   31.412653]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   31.418080]  xfrm_lookup+0xf0a/0x2540
[   31.421851]  ? xfrm_lookup+0xf0a/0x2540
[   31.425799]  ? ip_route_input_noref+0x1e0/0x1e0
[   31.430447]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   31.436827]  ? find_held_lock+0x39/0x1d0
[   31.440871]  ? lock_downgrade+0x990/0x990
[   31.445000]  ? ip_route_output_key_hash+0x1a6/0x370
[   31.449995]  ? lock_release+0xd70/0xd70
[   31.453956]  ? kasan_check_write+0x14/0x20
[   31.458166]  ? ip_route_output_key_hash+0x252/0x370
[   31.463156]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   31.468674]  xfrm_lookup_route+0x39/0x1a0
[   31.472973]  ip_route_output_flow+0x7c/0xa0
[   31.477268]  raw_sendmsg+0xc4f/0x38c0
[   31.481055]  ? raw_setsockopt+0xd0/0xd0
[   31.485006]  ? get_mem_cgroup_from_mm+0x49b/0x710
[   31.489822]  ? lock_page_memcg+0x3b0/0x3b0
[   31.494028]  ? __lock_is_held+0xbc/0x140
[   31.498066]  ? lru_cache_add+0x1c7/0x3a0
[   31.502094]  ? get_mem_cgroup_from_mm+0x710/0x710
[   31.506907]  ? lru_cache_add_file+0x20/0x20
[   31.511218]  ? lock_downgrade+0x990/0x990
[   31.515345]  ? __might_fault+0xe0/0x1d0
[   31.519292]  ? sock_has_perm+0x29c/0x400
[   31.523327]  ? selinux_tun_dev_create+0xc0/0xc0
[   31.527965]  ? lock_release+0xd70/0xd70
[   31.531912]  ? check_same_owner+0x320/0x320
[   31.536202]  ? __check_object_size+0x25d/0x4f0
[   31.540768]  inet_sendmsg+0x11f/0x5e0
[   31.544538]  ? __might_sleep+0x95/0x190
[   31.548482]  ? inet_recvmsg+0x5f0/0x5f0
[   31.552428]  ? selinux_socket_sendmsg+0x36/0x40
[   31.557069]  ? security_socket_sendmsg+0x89/0xb0
[   31.561794]  ? inet_recvmsg+0x5f0/0x5f0
[   31.565742]  sock_sendmsg+0xca/0x110
[   31.569436]  SYSC_sendto+0x358/0x5a0
[   31.573127]  ? SYSC_connect+0x480/0x480
[   31.577068]  ? find_held_lock+0x39/0x1d0
[   31.581113]  ? lock_downgrade+0x990/0x990
[   31.585252]  ? handle_mm_fault+0x410/0x8d0
[   31.589454]  ? down_read_trylock+0xdb/0x170
[   31.593743]  ? __do_page_fault+0x2b8/0xb60
[   31.597949]  ? __handle_mm_fault+0x39c0/0x39c0
[   31.602500]  ? vmacache_find+0x61/0x270
[   31.606459]  SyS_sendto+0x40/0x50
[   31.609885]  ? SyS_getpeername+0x30/0x30
[   31.613922]  do_fast_syscall_32+0x3f2/0xeed
[   31.618222]  ? do_int80_syscall_32+0x930/0x930
[   31.622775]  ? kasan_check_read+0x11/0x20
[   31.626894]  ? syscall_return_slowpath+0x500/0x500
[   31.631795]  ? SyS_rt_sigaction+0x94/0x1b0
[   31.636004]  ? lockdep_sys_exit+0x47/0xf0
[   31.640133]  ? retint_user+0x18/0x20
[   31.643823]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.648643]  entry_SYSENTER_compat+0x51/0x60
[   31.653028] RIP: 0023:0xf7f94c79
[   31.656360] RSP: 002b:00000000fff50a9c EFLAGS: 00000282 ORIG_RAX: 0000000000000171
[   31.664046] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020fdbfc0
[   31.671284] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000020fdbff0
[   31.678521] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[   31.685761] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   31.693002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.700261] 
[   31.701859] The buggy address belongs to the page:
[   31.706761] page:ffffea00073d1fc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   31.714874] flags: 0x200000000000000()
[   31.718734] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.726583] raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
[   31.734428] page dumped because: kasan: bad access detected
[   31.740103] 
[   31.741699] Memory state around the buggy address:
[   31.746595]  ffff8801cf47f800: f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[   31.753929]  ffff8801cf47f880: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 f2
[   31.761257] >ffff8801cf47f900: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   31.768583]                                                        ^
[   31.775042]  ffff8801cf47f980: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3
[   31.782546]  ffff8801cf47fa00: f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[   31.789874] ==================================================================
[   31.797199] Disabling lock debugging due to kernel taint
[   31.802685] Kernel panic - not syncing: panic_on_warn set ...
[   31.802685] 
[   31.810015] CPU: 1 PID: 2979 Comm: syzkaller928430 Tainted: G    B           4.14.0-rc1+ #5
[   31.818466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.827783] Call Trace:
[   31.830337]  dump_stack+0x194/0x257
[   31.833930]  ? arch_local_irq_restore+0x53/0x53
[   31.838564]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.843285]  ? xfrm_state_find+0x2fc0/0x3190
[   31.847658]  panic+0x1e4/0x417
[   31.850815]  ? __warn+0x1d9/0x1d9
[   31.854238]  ? xfrm_state_find+0x305b/0x3190
[   31.858611]  kasan_end_report+0x50/0x50
[   31.862548]  kasan_report+0x137/0x340
[   31.866311]  __asan_report_load4_noabort+0x14/0x20
[   31.871201]  xfrm_state_find+0x305b/0x3190
[   31.875401]  ? __save_stack_trace+0x61/0xd0
[   31.879698]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   31.884768]  ? copy_trace+0x1d0/0x1d0
[   31.888538]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.893693]  ? check_noncircular+0x20/0x20
[   31.897893]  ? lock_downgrade+0x990/0x990
[   31.902008]  ? find_held_lock+0x39/0x1d0
[   31.906034]  ? __lock_acquire+0x732/0x4620
[   31.910234]  ? find_held_lock+0x39/0x1d0
[   31.914268]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.919421]  ? depot_save_stack+0x1c2/0x490
[   31.923712]  ? do_raw_spin_trylock+0x190/0x190
[   31.928259]  ? check_noncircular+0x20/0x20
[   31.932465]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   31.936673]  ? __xfrm_decode_session+0x100/0x100
[   31.941398]  ? lock_downgrade+0x990/0x990
[   31.945510]  ? inet_sendmsg+0x11f/0x5e0
[   31.949453]  ? sock_sendmsg+0xca/0x110
[   31.953304]  ? SYSC_sendto+0x358/0x5a0
[   31.957159]  ? check_noncircular+0x20/0x20
[   31.961360]  ? rt_add_uncached_list+0xa2/0x240
[   31.965908]  ? check_noncircular+0x20/0x20
[   31.970110]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   31.975536]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   31.979911]  ? lock_downgrade+0x990/0x990
[   31.984022]  ? dst_init+0x4d9/0x6a0
[   31.987614]  ? xfrm_selector_match+0xe00/0xe00
[   31.992157]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   31.997310]  ? lock_release+0xd70/0xd70
[   32.001249]  ? refcount_inc_not_zero+0xfe/0x180
[   32.005886]  ? xfrm_selector_match+0x3b/0xe00
[   32.010349]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   32.015076]  ? xfrm_selector_match+0xe00/0xe00
[   32.019623]  ? check_noncircular+0x20/0x20
[   32.023820]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   32.029238]  xfrm_lookup+0xf0a/0x2540
[   32.033004]  ? xfrm_lookup+0xf0a/0x2540
[   32.036941]  ? ip_route_input_noref+0x1e0/0x1e0
[   32.041578]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   32.047955]  ? find_held_lock+0x39/0x1d0
[   32.051983]  ? lock_downgrade+0x990/0x990
[   32.056098]  ? ip_route_output_key_hash+0x1a6/0x370
[   32.061081]  ? lock_release+0xd70/0xd70
[   32.065026]  ? kasan_check_write+0x14/0x20
[   32.069233]  ? ip_route_output_key_hash+0x252/0x370
[   32.074211]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   32.079717]  xfrm_lookup_route+0x39/0x1a0
[   32.083834]  ip_route_output_flow+0x7c/0xa0
[   32.088129]  raw_sendmsg+0xc4f/0x38c0
[   32.091901]  ? raw_setsockopt+0xd0/0xd0
[   32.095839]  ? get_mem_cgroup_from_mm+0x49b/0x710
[   32.100646]  ? lock_page_memcg+0x3b0/0x3b0
[   32.104847]  ? __lock_is_held+0xbc/0x140
[   32.108878]  ? lru_cache_add+0x1c7/0x3a0
[   32.112903]  ? get_mem_cgroup_from_mm+0x710/0x710
[   32.118020]  ? lru_cache_add_file+0x20/0x20
[   32.122317]  ? lock_downgrade+0x990/0x990
[   32.126435]  ? __might_fault+0xe0/0x1d0
[   32.130374]  ? sock_has_perm+0x29c/0x400
[   32.134400]  ? selinux_tun_dev_create+0xc0/0xc0
[   32.139032]  ? lock_release+0xd70/0xd70
[   32.142972]  ? check_same_owner+0x320/0x320
[   32.147264]  ? __check_object_size+0x25d/0x4f0
[   32.151815]  inet_sendmsg+0x11f/0x5e0
[   32.155588]  ? __might_sleep+0x95/0x190
[   32.159526]  ? inet_recvmsg+0x5f0/0x5f0
[   32.163464]  ? selinux_socket_sendmsg+0x36/0x40
[   32.168098]  ? security_socket_sendmsg+0x89/0xb0
[   32.172819]  ? inet_recvmsg+0x5f0/0x5f0
[   32.176759]  sock_sendmsg+0xca/0x110